On Sun, May 14, 2017 at 6:54 AM, Manfred Spraul <[email protected]> wrote:
> Hi Kees,
>
> On 05/09/2017 12:23 AM, Kees Cook wrote:
>>
>> This changes the struct + trailing data pattern to using a void * so that
>> the end of sem_array is found without possibly indexing past the end which
>> can upset some static analyzers. Mostly, this ends up avoiding a cast
>> between different non-void types, which the future randstruct GCC plugin
>> was warning about.
>
> Two questions:
> - Would the attached patch work with the randstruct plugin as well?
> If we touch the code, then I would propose that we remove sem_base
> entirely.
I'll double check with your series, but I think your change makes sense
regardless (since it makes it very clear that there are allocated sems
after the struct due to the [0] entry).

> - ipc/util.h contains
>
>> #define ipc_rcu_to_struct(p) ((void *)(p+1))
>
> Does this trigger a warning with randstruct as well?
> If we have to touch it, then I would remove it by merging struct
> kern_ipc_perm and struct ipc_rcu.
>
> And, obviously:
> Do you see any issues with the attached patch?

I'll test your series with the randstruct series and see what falls out. :)

Thanks!

-Kees

-- 
Kees Cook
Pixel Security
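The two layouts the thread contrasts, as an added example that is not part of the thread or of the kernel sources: `struct rcu_hdr`, `struct sem_entry`, `struct legacy_array`, `struct flex_array` and the `hdr_to_payload()` macro are constructed stand-ins (not the kernel's `struct ipc_rcu`, `struct sem_array`, `struct sem` or `ipc_rcu_to_struct()`). The first layout reaches the trailing data by casting `(p + 1)` from one struct type to an unrelated one, which is the cast randstruct objects to; the second embeds the header and declares the trailing entries as a flexible array member, so the compiler knows where they start and no cross-type cast is needed.

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed stand-in types for this example only. */
struct rcu_hdr {            /* stands in for the refcount/RCU header */
	int refcount;
	int pad;
};

struct sem_entry {          /* stands in for one semaphore */
	int semval;
	int sempid;
};

/*
 * Pattern 1: "struct + trailing data" reached by pointer arithmetic.
 * The payload keeps a pointer (sem_base) set to one past its own end;
 * both header->payload and payload->entries cast (p + 1) to a type
 * unrelated to p's type.
 */
struct legacy_array {
	size_t nsems;
	struct sem_entry *sem_base; /* == (struct sem_entry *)(this + 1) */
};

/* hypothetical macro in the style of the (p+1) idiom discussed above */
#define hdr_to_payload(p) ((void *)((p) + 1))

static struct legacy_array *legacy_alloc(size_t nsems)
{
	size_t size = sizeof(struct rcu_hdr) + sizeof(struct legacy_array)
		    + nsems * sizeof(struct sem_entry);
	struct rcu_hdr *h = calloc(1, size);
	if (!h)
		return NULL;
	h->refcount = 1;
	struct legacy_array *a = hdr_to_payload(h);
	a->nsems = nsems;
	/* cast between two non-void struct types: what randstruct warns on */
	a->sem_base = (struct sem_entry *)(a + 1);
	return a;
}

static void legacy_free(struct legacy_array *a)
{
	free((struct rcu_hdr *)a - 1); /* walk back to the header */
}

/*
 * Pattern 2: header merged in, entries as a flexible array member.
 * The trailing storage is part of the type, so the layout is known to
 * the compiler and no cast between unrelated struct types is needed.
 */
struct flex_array {
	struct rcu_hdr hdr;
	size_t nsems;
	struct sem_entry sems[];
};

static struct flex_array *flex_alloc(size_t nsems)
{
	struct flex_array *a = calloc(1, sizeof(*a) + nsems * sizeof(a->sems[0]));
	if (a) {
		a->hdr.refcount = 1;
		a->nsems = nsems;
	}
	return a;
}

/* Fill entries with base, base+1, ... and return their sum; -1 if the
 * hand-computed sem_base does not sit exactly at the end of the struct. */
int legacy_sum(size_t nsems, int base)
{
	struct legacy_array *a = legacy_alloc(nsems);
	if (!a)
		return -1;
	int ok = (char *)a->sem_base == (char *)a + sizeof(*a);
	int sum = 0;
	for (size_t i = 0; i < nsems; i++) {
		a->sem_base[i].semval = base + (int)i;
		sum += a->sem_base[i].semval;
	}
	legacy_free(a);
	return ok ? sum : -1;
}

int flex_sum(size_t nsems, int base)
{
	struct flex_array *a = flex_alloc(nsems);
	if (!a)
		return -1;
	int sum = 0;
	for (size_t i = 0; i < nsems; i++) {
		a->sems[i].semval = base + (int)i;
		sum += a->sems[i].semval;
	}
	free(a);
	return sum;
}

/* Offset of the trailing entries: a compile-time fact, not arithmetic. */
size_t flex_entries_offset(void)
{
	return offsetof(struct flex_array, sems);
}

int main(void)
{
	return (legacy_sum(3, 10) == 33 && flex_sum(3, 10) == 33) ? 0 : 1;
}
```

The flexible-array form also gives static analyzers a bounded object to reason about, whereas the `(p + 1)` cast looks to them like indexing one past the end of `p`, which is the complaint the quoted commit message mentions.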

